Open Government & ways of implementing it, September 2015
e-gov Services, eID, STORK 2.0: A necessary combination
Petros KAVASSALIS, Univ. of the Aegean, i4m Lab & CTI, Greece

eID, eID Management
- eID: Identity Cards become digital
- eID Management: eIDM is a process (not merely a technology) that intervenes between a service request and the corresponding service provision, with the objective to establish trust for the transaction and secure access to the relevant information

1. A straightforward process
- OAuth!

2. A digital identity approach
What is a digital identity today? A digital identity is a composite document:
- Multi-section; each section includes a personal attribute
- Multi-provider; attributes are collected from multiple Identity and Attribute Providers (IdPs and APs) providing service at different quality levels (LOA)
- Is managed by a federated identity structure (which also manages the user consent process)
- Is created through the collection of attributes from IdPs and APs that are members of the federation
- Is delivered to a Service Provider (SP), and consumed by the SP in an online authentication or access control process

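The composite, multi-provider identity described above can be modelled in a few lines. This is an added example, not code from the presentation or from STORK 2.0; the class and function names, the integer LoA scale, the fail-closed policy and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Attribute:
    name: str      # one "section" of the composite identity
    value: str
    provider: str  # the IdP or AP that asserted it
    loa: int       # assurance level (assumed scale: higher is stronger)

class AssemblyError(Exception):
    """A required attribute could not be released to the SP."""

def assemble_identity(offers, requested, consent, min_loa):
    """Build the composite identity a federation delivers to an SP.

    offers    -- Attribute objects collected from the IdP and the APs
    requested -- {attribute name: required?} as asked for by the SP
    consent   -- set of attribute names the user agreed to release
    min_loa   -- lowest assurance level the SP accepts
    """
    identity = {}
    for name, required in requested.items():
        candidates = [a for a in offers if a.name == name and a.loa >= min_loa]
        if name in consent and candidates:
            # Several providers may assert the same attribute: keep the strongest.
            identity[name] = max(candidates, key=lambda a: a.loa)
        elif required:
            # Fail closed: the SP never receives a partial identity.
            raise AssemblyError(f"required attribute {name!r} unavailable")
    # Attributes that were offered but not requested are never released.
    return identity

# Constructed sample data (hypothetical providers and values).
OFFERS = [
    Attribute("identifier", "GR-12345", "national-idp", 3),
    Attribute("surname", "Papadopoulou", "national-idp", 3),
    Attribute("diploma", "BSc Informatics", "university-ap", 2),
    Attribute("diploma", "BSc Informatics", "self-asserted-ap", 1),
    Attribute("email", "maria@example.org", "self-asserted-ap", 1),
    Attribute("phone", "+30 000 0000", "self-asserted-ap", 1),
]
REQUESTED = {"identifier": True, "surname": True, "diploma": True, "email": False}
```
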
Both approaches are technically possible
- GSIT (OAuth) and many others
- Cyprus, Belgium etc.: common eID to use horizontally to access e-gov services
- You need a federal e-gov architecture
- This is not trivial to design and implement
- STORK 2.0 can provide a starting basis

STORK 2.0 is a large EU online identity federation
- Identity as a service
- ***In US: Backend Attribute Exchange (BAE), but only for Federal Government Services
[Figure: STORK, EU-EEA MS proxy nodes, MS B, Identity and Attribute Providers]

It is essentially: (i) a network of proxy nodes (PEPS)
[Figure: IdP, AP, C-PEPS, SP, S-PEPS]

It is essentially: (ii) an attribute collection and aggregation service
[Figure: STORK 2.0 ACS (attribute collection service) with SP, AP, AtP1, AtP2, IdP / National IdP and interaction with the user; message flow numbered 1 to 11]

The STORK 2.0 mechanism for identity attributes provision can be re-used to enable smart e-gov services
e-gov services: requirements for federating personal information to (usually) produce an electronic document
- Cross-border services by necessity
- Should span over multiple organizations
- Always involve a process orchestrating various IT systems and users:
  - applicant interface
  - basic registries
  - gov IT (cms etc.)
  - employees' desktops
  - third party services (for example banks)

STORK 2.0 for e-government: an opportunity for smart and lean e-gov services
- Example: subscription of freshmen in Greek Universities involves the physical presence of a student's family.
- e-subscription through STORK 2.0!
[Figure: application submission, document submission, reception, identification, STORK 2.0, subscription, IdP, minedu]

STORK 2.0 in a nutshell
- A common framework for cross-border federation and delivery of electronic identity in Europe
- In online processes:
  - web authentication via multi-attribute digital identities
  - e-mandate provision (vital for legal entities)
  - e-signature cross-border transfer
- Open standards (SAML 2.0, HTTP POST, WebSSO)
- Pilots in real-world environment; examples: open a bank account, diploma supplement, mandates with detailed power description etc.

How does STORK 2.0 make it possible?
- By creating clean interfaces at the extreme points
- Streamline to increase aggregation efficiency
[Figure: STORK enabled applications; common enterprise technologies (WS-REST); AP; SP; STORK SAML 2.0; common enterprise technologies (SSO-WS-workflow); IdP]

STORK 2.0 Interconnection Supporting Service? A proxy of proxy (S-PEPS)
[Figure: STORK 2.0 ISS with SP-BANK, AP1, AP2 and National IdP; message flow numbered 1 to 11]

http://www.eid-stork2.eu